
I am trying to follow the solution in the following post to be able to use a CNG private key as the signing key for my SignedXml.

"Invalid provider type specified" CryptographicException when trying to load private key of certificate


CustomSignedXml derives from SignedXml. However, when I do this and call the ComputeSignature method, I get the exception:

Method is not supported.
   at System.Security.Cryptography.RSA.DecryptValue(Byte[] rgb)
   at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()

As the stack trace suggests, "Method is not supported" is thrown from DecryptValue, which I see is a deprecated method of the RSA base class. I can't override it to use RSACng.Decrypt because RSACng is a sealed class.

https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.decryptvalue(v=vs.110).aspx

What am I missing here?

MichaelChan

1 Answer


In the CLR Security issue page, SignedXml still has missing support for RSACng. However, the comment has directed me to the 4.6.2 Preview. You can use GetRSAPrivateKey() to get the key (I think it's already available in 4.6.1), but this time I was not getting the "Method Not Supported" exception. So the best resolution is to update your framework to 4.6.2, and the following code would work.

https://clrsecurity.codeplex.com/workitem/11073

    // Requires .NET Framework 4.6.2 or later: SignedXml accepts the RSACng that
    // GetRSAPrivateKey() returns for a CNG-stored key. SecurityAlgorithms is
    // System.IdentityModel.Tokens.SecurityAlgorithms; the SignedXml.XmlDsig*
    // constants noted in the comments are the same algorithm URIs.
    private CustomSignedXml CreateSignedXml()
    {
        // _documentToSign is the XmlDocument being signed; _signingCertificate is
        // the X509Certificate2 whose private key lives in a CNG key storage provider.
        var signedXml = new CustomSignedXml(_documentToSign)
        {
            // Do not use _signingCertificate.PrivateKey here: it only understands
            // CryptoAPI keys and fails with "Invalid provider type specified" for CNG keys.
            SigningKey = _signingCertificate.GetRSAPrivateKey(),
            KeyInfo = CreateKeyInfo()
        };

        // Enveloped signature over the whole document (URI = "").
        var reference = new Reference("");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.DigestMethod = SecurityAlgorithms.Sha256Digest; // SignedXml.XmlDsigSHA256Url

        signedXml.SignedInfo.CanonicalizationMethod = SecurityAlgorithms.ExclusiveC14n;
        signedXml.SignedInfo.SignatureMethod = SecurityAlgorithms.RsaSha256Signature; // SignedXml.XmlDsigRSASHA256Url
        signedXml.AddReference(reference);

        return signedXml;
    }
MichaelChan
    THANK YOU! The update to 4.6.2 was the clue I needed. My signatures are failing to be verified currently, but at least I'm past the failure to compute stage! – CodeThief Aug 05 '21 at 12:58
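As an added example (not code from the original question or answer), here is a complete sign-and-verify round trip using GetRSAPrivateKey() on .NET Framework 4.6.2 or later. The PFX path and password, the sample <Order> document and the class name are assumptions for this example; the algorithm URIs are spelled out as strings so no System.IdentityModel reference is needed.

```csharp
// Added example, not code from the original answer: sign an XML document with
// the RSA key behind an X509Certificate2 via GetRSAPrivateKey(), then verify it.
// Assumes .NET Framework 4.6.2 or later. The PFX path, its password and the
// sample document are assumptions constructed for this example.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SignedXmlCngExample
{
    // XML-DSig algorithm URIs spelled out so no System.IdentityModel reference is needed.
    const string Sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";
    const string RsaSha256SignatureUrl = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string ExclusiveC14nUrl = "http://www.w3.org/2001/10/xml-exc-c14n#";

    static void Main(string[] args)
    {
        // Hypothetical certificate file (assumption); its key may live in a CNG KSP.
        string pfxPath = args.Length > 0 ? args[0] : "signing.pfx";
        string pfxPassword = args.Length > 1 ? args[1] : string.Empty;
        var cert = new X509Certificate2(pfxPath, pfxPassword);

        // Constructed sample document.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Order><Id>42</Id><Amount>100.00</Amount></Order>");

        // cert.PrivateKey only knows CryptoAPI and throws "Invalid provider type specified"
        // for CNG keys; GetRSAPrivateKey() returns the RSA implementation that actually
        // holds the key (RSACng for CNG), which SignedXml accepts from 4.6.2 on.
        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            Sign(doc, privateKey, cert);
        }
        string signedXmlText = doc.OuterXml;

        // Verify from the serialized text against the public key, as a relying party would.
        using (RSA publicKey = cert.GetRSAPublicKey())
        {
            Console.WriteLine("intact:   " + Verify(signedXmlText, publicKey));

            // Tampering with signed content must break verification.
            string tampered = signedXmlText.Replace("100.00", "1.00");
            Console.WriteLine("tampered: " + Verify(tampered, publicKey));
        }
    }

    // Enveloped RSA-SHA256 signature over the whole document (URI = "").
    static void Sign(XmlDocument doc, RSA privateKey, X509Certificate2 cert)
    {
        var signedXml = new SignedXml(doc) { SigningKey = privateKey };
        signedXml.SignedInfo.CanonicalizationMethod = ExclusiveC14nUrl;
        signedXml.SignedInfo.SignatureMethod = RsaSha256SignatureUrl;

        var reference = new Reference(string.Empty) { DigestMethod = Sha256DigestUrl };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Ship the certificate so the verifier can identify (and then trust-check) the signer.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature(); // "Method is not supported" with RSACng before 4.6.2
        XmlElement signature = signedXml.GetXml();
        doc.DocumentElement.AppendChild(doc.ImportNode(signature, true));
    }

    // Verify with a key the caller already trusts rather than whatever KeyInfo carries:
    // a forged document can embed any certificate it likes.
    static bool Verify(string xmlText, RSA trustedPublicKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xmlText);

        XmlNodeList signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
        {
            return false; // zero or several Signature elements: reject rather than pick one
        }

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(trustedPublicKey);
    }
}
```

The verification side deliberately checks against a key the caller already trusts and refuses documents with zero or more than one Signature element, instead of calling the CheckSignature overload that trusts whatever certificate the KeyInfo carries; a document that verifies under an attacker-supplied certificate only proves the attacker signed it. PreserveWhitespace is set the same way on both sides because a mismatch changes the canonical form and makes a valid signature fail to verify.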